CVE-2017-17149 — LOW (3.9) — White Hats Nepal

Q: How severe is CVE-2017-17149?

CVE-2017-17149 has been rated LOW with a CVSS base score of 3.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-17149?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Hiwallet.

Vulnerability Description

Huawei HiWallet App with the versions before 8.0.4 has an arbitrary lock pattern change vulnerability. It needs to verify the user's Huawei ID during lock pattern change. An attacker with root privilege who gets a user's smart phone may bypass Huawei ID verification by special operation. Successful exploit of this vulnerability can allow an attacker to change the lock pattern of HiWallet.

CVSS Score

3.9

LOW

CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Huawei	Hiwallet	< 8.0.4

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-01-hiwalleVendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-01-hiwalleVendor Advisory

FAQ

What is CVE-2017-17149?

CVE-2017-17149 is a vulnerability with a CVSS score of 3.9 (LOW). Huawei HiWallet App with the versions before 8.0.4 has an arbitrary lock pattern change vulnerability. It needs to verify the user's Huawei ID during lock pattern change. An attacker with root privile...

How severe is CVE-2017-17149?

CVE-2017-17149 has been rated LOW with a CVSS base score of 3.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-17149?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Hiwallet.